Which of the following access control models uses a predefined set of access privileges for an object of a system?

A. Discretionary Access Control
B. Mandatory Access Control
C. Policy Access Control
D. Role-Based Access Control

Joan is the project manager of the BTT project for her company. She has worked with her project to create risk responses for both positive and negative risk events within the project. As a result of this process Joan needs to update the project document updates. She has updated the assumptions log as a result of the findings and risk responses, but what other documentation will need to be updated as an output of risk response planning?

A. Lessons learned
B. Scope statement
C. Risk Breakdown Structure
D. Technical documentation

Which of the following is used in the practice of Information Assurance (IA) to define assurance requirements?

A. Classic information security model
B. Communications Management Plan
C. Five Pillars model
D. Parkerian Hexad

What approach can a project manager use to improve the project's performance during qualitative risk analysis?

A. Create a risk breakdown structure and delegate the risk analysis to the appropriate project team members.
B. Focus on high-priority risks.
C. Focus on near-term risks first.
D. Analyze as many risks as possible regardless of who initiated the risk event.

Which of the following acts is used to recognize the importance of information security to the economic and national security interests of the United States?

A. Computer Fraud and Abuse Act
B. FISMA
C. Lanham Act
D. Computer Misuse Act

Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples. What type of a document should Ned send to the vendor?

A. IFB
B. RFI
C. RFQ
D. RFP

You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

A. Risk management plan
B. Stakeholder management strategy
C. Risk register
D. Lessons learned documentation

Beth is the project manager of the BFG Project for her company. In this project Beth has decided to create a contingency response based on the performance of the project schedule. If the project schedule variance is greater than $10,000 the contingency plan will be implemented. What is the formula for the schedule variance?

A. SV=EV-PV
B. SV=EV/AC
C. SV=PV-EV
D. SV=EV/PV

Numerous information security standards promote good security practices and define frameworks or systems to structure the analysis and design for managing information security controls. Which of the following are the international information security standards? Each correct answer represents a complete solution. Choose all that apply.

A. Human resources security
B. Organization of information security
C. Risk assessment and treatment
D. AU audit and accountability

You are the project manager for your organization. You are working with your key stakeholders in the qualitative risk analysis process. You understand that there is certain bias towards the risk events in the project that you need to address, manage, and ideally reduce. What solution does the PMBOK recommend to reduce the influence of bias during qualitative risk analysis?

A. Establish the definitions of the levels of probability and impact
B. Isolate the stakeholders by project phases to determine their risk bias
C. Involve all stakeholders to vote on the probability and impact of the risk events
D. Provide iterations of risk analysis for true reflection of a risk probability and impact